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DETAILED ACTION 

1 . This action is in response to application amendments filed on 9-24-2009. 

2. Claims 1 - 42 are pending. Claims 7, 23, 24, 29, 30 have been amended. 
Claims 41, 42 are new. Claims 1, 7, 15, 16, 23, 24, 29, 30 are independent. This 
application was filed 9-1 1-2003. 

Response to Arguments 

3. Applicant's additional arguments have been fully considered but were not 
persuasive. 

3.1 Applicant argues that the referenced prior art does not disclose, in response to a 
comparison that indicates that access by the access candidate is prohibited. 

The passage cited by Applicant (see Timson col. 3, lines 28-32) discloses a 
situation where no communication is allowed. The Timson prior art discloses that 
modules must belong to the same security scheme in order to communicate with each 
other, (see Timson col. 4, lines 16-32: encrypted communications, must belong to 
same security scheme to communicate) Otherwise, the encryption keys utilized by a 
particular security scheme do not allow communications with modules that are not part 
of the same security scheme. 

The security scheme is setup by the controller module, (see Timson col. 4, lines 
33-42: security scheme is setup by controller module) The controller module also sets 
up the other types of modules such as the additional module designated the resolution 
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authority, (see Timson coi. 4, line 60 - col. 5, line 4) 

Without a successful authorization comparison (a match), access is not permitted. 
Ail of the required functions are disclosed by the Timson prior art as indicated in the 
accompanying citations, (see Timson coi. 3, line 34 - col. 4, line 15: access information; 
request/response authorization information; comparison of candidate (authorization) 
information; authorization verification, or prohibition if verification not successful) The 
Examiner has reevaluated Applicant's remarks and has determined that the Applicant 
desires a third party to act as a resolution authority in performing an additional 
authentication service. 

The Timson prior art discloses the capability to add additional authentication 
modules to the authentication procedures. These additional authentication modules can 
generate a hierarchical structure for the authentication process with access to the 
resolution authority performed as a last authentication process as per claim limitation, 
(see Timson coi 4, line 60 - coi. 5, line 4: hierarchical authorization structure) The 
Timson and Moreh prior art combination discloses the usage of a resolution authority to 
provide an additional authentication services, (see Moreh col. 2, lines 48-62; coi. 5, line 
56 - coi. 6, line 19: authentication services between client and server using intermediate 
entity (protocol proxy)) 

The enabling module can grant permissions by writing permissions data to a 
module to make it an enabling module such as the resolution authority in Moreh prior 
art. 
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Claim Rejections ■ 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the Invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claim 41 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one 
skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. There does appear to be any disclosure for the 
claim limitation: "receiving supplemental evidence verifying the attributes of the access 
candidate". The term "supplemental" does not appear in the specification or the 
original claims. The specification in paragraph [0025] mentions "other evidence". The 
"supplemental evidence' 'will be interpreted as other evidence. The class distinction 
evidence (current location, citizenship) appears to fit the other evidence category. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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7. Claims 1 - 4, 7 - 10, 14, 16 - 19, 24 - 26, 29 - 33, 37 - 40 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Timson et al. (US Patent No. 6,041,412) in 
view of Moreh et al. (US Patent No. 6,959,336) and further in view of Bacha et al. (US 
Patent No. 6,839,843). 

Regarding Claims 1, 7, 24, 29, Timson discloses a method for providing an access 
candidate access to secured electronic data, the method comprising: 

a) receiving, by a controller asso ciated with the secure d electro nic data, a request 
for access candidate access to the secured electronic data by a controller 
associated with the secured electronic data; (see Timson col. 3, lines 34-40; col. 
3, lines 57-64: request processing (i.e. request submitted and processed)) 

Furthermore, Timson discloses the following: 

b) comparing, at the controller, one or more attributes of the access candidate with 
one or more access requirements associated with the secured electronic data; 
(see Timson col. 2, lines 50-59: attributes; col. 3, lines 11-16: determine (i.e. 
comparing), enable access) 

c) submitting, by the controller, a request for authorization in response to a 
comparison that indicates that access by the access candidate is prohibited; (see 
Timson col. 3, lines 34-40; col. 3, lines 57-64: request processing, resolution 
authority; col. 2, lines 50-59: attributes; col. 4, lines 7-1 1 : access determination 
(comparison, match) required for access (i.e. prohibited without authorization)) 
and ; 
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d) granting the access candidate access to the secured electronic data if 

authorization for such access and a determination of whether to authorize access 
of the access candidate to the secure electronic data, wherein the determination 
is based on access ca ndidate information a nd request related information , (see 
Timson col. 4, lines 7-15: access enabled (i.e. granted) based on transmitted 
permission data) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 
Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. However, Moreh discloses a resolution authority, (see 
Moreh col. 2, lines 48-62; col. 5, line 56 - col. 6, line 19: authentication services 
between client and server using intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh in order to permit users and service provides the flexibility of choosing where 
to authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose modifying access requirements. 
However, Bacha discloses configured to modify the one or more access 
requirements, (see Bacha col. 10, lines 48-60: another authorized user such as a 
resolution authority with ability to update access control information) 
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It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for modifying access requirements as taught by Bacha. One of ordinary skill 
in the art would have been motivated to employ the teachings of Bacha to improve 
system efficiency by centralization of user access information and to use richer 
search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claims 2, 8, 17, 25, 31, Timson discloses the method as in Claims 1,8, 16, 
24, 30, further comprising granting the access candidate access to the secured 
electronic data in response to a comparison that indicates that access by the access 
candidate is not prohibited, (see Timson col. 4, lines 7-1 1 : access enabled (i.e. 
granted), not prohibited; col. 4, lines 7-11: access determination (comparison, match) 
required for access (i.e. prohibited without authorization)) 

Regarding Claims 3, 9, 18, 32, Timson discloses the method as in Claims 2, 7, 16, 30, 
further comprising denying the access candidate access to the secured electronic data 
if denied authorization, (see Timson col. 3, lines 28-32; col. 4, lines 11-15: access 
denied) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 
Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 5, 
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line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson to 
use authentication services such as a resolution authority as taught by Moreh. One of 
ordinary skill in the art would have been motivated to employ the teachings of Moreh in 
order to permit users and service provides the flexibility of choosing where to 
authenticate, (see Moreh col. 2, lines 44-46) 

Regarding Claims 4, 10, 19, 26, 33, Timson discloses the method as in Claims 1, 7, 
16, 24, 30, wherein the one or more access requirements associated with the secured 
electronic data are represented as part of a graphical display associated with the 
access candidate and accessed for display to the controller via a network, (see Timson 
col. 5, lines 26-35: display capability for user interface information; access permission 
information) 

Regarding Claims 14, 37, Timson discloses the method as in Claims 7, 30, wherein at 
least one of the request for access to the first security level or the request for access to 
the second security level is submitted by one or more sponsors, (see Timson col. 14, 
lines 13-20: request, 1st level security; col. 14, lines 25-35: request processing, 2nd 
level security) 

Regarding Claim 16, Timson discloses a system for providing an access candidate 
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access to secured electronic data, the system comprising: 

a) storage configured to receive and store the electronic data; (see Timson col. 18, 
lines 9-12; col. 18, lines 18-21 : storage capability for accessible data) 

Furthermore, Timson discloses the following: 

b) one or more resources configured to access and manipulate the electronic data; 
(see Timson col. 2, lines 31-34; col. 2, lines 40-41 : interrogatable and enabling 
modules, resources to access and manipulate data) 

c) means for evaluating a request for access candidate access to the one or more 
resources, wherein the evaluation of the request includes a first comparison of 
one or more attributes of the access candidate with one or more access 
requirements associated with the one or more resources; (see Timson col. 5, 
lines 5-13: software means; col. 2, lines 50-59: attributes; col. 3, lines 34-40; col. 
3, lines 57-64: request processing, evaluation to enable access) 

d) means for granting the access candidate access to the one or more resources if 
the first comparison indicates that access is not prohibited; (see Timson col. 5, 
lines 5-1 3: software means; col. 4, lines 7-1 1 : access enabled (i.e. granted)) 

e) means for evaluating a request for access candidate access to the electronic 
data by the one or more resources, wherein the evaluation of the request 
includes a second comparison of one or more attributes of the access candidate 
with one or more access requirements associated with the electronic data; (see 
Timson col. 5, lines 5-13: software means; col. 2, lines 31-34; col. 2, lines 40-41: 
interrogatable and enabling modules, resources to access and manipulate data) 
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f) means for submitting a request for authorization if the second comparison 
indicates that access to the electronic data by the access candidate is prohibited; 
(see Timson col. 5, lines 5-13: software means; col. 3, lines 34-40; col. 3, lines 
57-64: request processing, must be authorized to access data) and 

g) means for granting the access candidate access to the electronic data using the 
one or more resources if authorized, (see Timson col. 5, lines 5-13: software 
means; col. 3, lines 28-32; col. 4, lines 11-15: access enabled (i.e. granted)) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 
Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. However, Moreh discloses a resolution authority, (see 
Moreh col. 2, lines 48-62; col. 5, line 56 - col. 6, line 19: authentication services 
between client and server using intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh in order to permit users and service provides the flexibility of choosing where 
to authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose modifying access requirements. 
However, Bacha discloses configured to modify the one or more access 
requirements, (see Bacha col. 10, lines 48-60: another authorized user such as a 
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resolution authority with ability to update access control information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for modifying access requirements as taught by Bacha. One of ordinary skill 
in the art would have been motivated to employ the teachings of Bacha to improve 
system efficiency by centralization of user access information and to use richer 
search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claim 30, Timson discloses in a data security system having a first security 
level securing one or more resources for manipulating electronic data and a second 
security level securing access to the electronic data by the one or more resources, a 
method for determining an access candidate's access to the electronic data, the method 
comprising: 

a) receiving a request for access to the first security level; (see Timson col. 3, lines 
34-40: request processing (i.e. submitted and processed)) 

Furthermore, Timson disclose the following: 

b) granting the access candidate access to the first security level based on a 
comparison of one or more attribute: of the access candidate with one or more 
access requirements associated with the first security level; (see Timson col. 14, 
lines 13-20: 1st security level processing) 

c) receiving a request for access to the second security level; (see Timson col. 3, 
lines 34-40; col. 3, lines 57-64: request processing (i.e. submitted and 
processed)) and 
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d) submitting a request for authorization to a resolution authority in response to a 
comparison of one or more attributes of the access candidate with one or more 
access requirements associated with the second security level that indicates that 
access to the second security level by the access candidate is prohibited without 
authorization and determining the access candidate's access to the second 
security level, (see Timson col. 3, lines 34-40; col. 3, lines 57-64: request 
processing; col. 14, lines 25-35: 2nd security level processing; col. 4, lines 7-11: 
access determination (comparison, match) required for access (i.e. prohibited 
without authorization)) 

Furthermore, Timson discloses the generation of a hierarchical structure for access 
determination such as additional authorization modules, (see Timson col 4, line 60 - 
col. 5, line 4: hierarchical authorization structure) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 
5, line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh in order to permit users and service provides the flexibility of choosing where 
to authenticate, (see Moreh col. 2, lines 44-46) 
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Timson-Moreh does not specifically disclose modifying access requirements. 
However, Bacha discloses configured to modify one or more access requirements 
associated with the second security level, (see Bacha col. 10, lines 48-60: another 
authorized user such as a resolution authority with ability to update access control 
information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for modifying access requirements as taught by Bacha. One of ordinary skill 
in the art would have been motivated to employ the teachings of Bacha to improve 
system efficiency by centralization of user access information and to use richer 
search parameters, (see Bacha col. 3, lines 18-24) 



Regarding Claim 38, Timson discloses the method as in claim 1, further comprising 
determining the authorization by granting a waiver of one or more access requirements 
associated with the secured electronic data, (see Timson col. 4, lines 44-56: permission 
attributes for records are changeable; col 10, lines 37-45: generation of access 
permissions, data modules) 

Furthermore, Timson discloses the generation of a hierarchical structure for access 
determination such as additional authorization modules, (see Timson col 4, line 60 - 
col. 5, line 4: hierarchical authorization structure) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 
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However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 5, 
line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson to 
use authentication services such as a resolution authority as taught by Moreh. One of 
ordinary skill in the art would have been motivated to employ the teachings of Moreh in 
order to permit users and service provides the flexibility of choosing where to 
authenticate, (see Moreh col. 2, lines 44-46) 

Regarding Claim 39, Timson discloses the method as in claim 1, further comprising: 
determining the authorization by modifying the one or more access requirements 
associated with the secured electronic data, (see Timson col. 4, lines 44-56: permission 
attributes for records are changeable; col 10, lines 37-45: generation of access 
permissions, data modules) 

Furthermore, Timson discloses the generation of a hierarchical structure for access 
determination such as additional authorization modules, (see Timson col 4, line 60 - 
col. 5, line 4: hierarchical authorization structure) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 5, 
line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 
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It would have been obvious to one of ordinary skill in the art to modify Timson to 
use authentication services such as a resolution authority as taught by Moreh. One of 
ordinary skill in the art would have been motivated to employ the teachings of Moreh in 
order to permit users and service provides the flexibility of choosing where to 
authenticate, (see Moreh col. 2, lines 44-46) 

Regarding Claim 40, Timson discloses the method as in claim 1 , further comprising 
determining the authorization by excluding the electronic data assigned to one or more 
prohibited data classes from access by the access candidate, (see Timson col. 4, lines 
44-56: permission attributes for records are changeable; col 10, lines 37-45: generation 
of access permissions, data modules) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 
Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 5, 
line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson to 
use authentication services such as a resolution authority as taught by Moreh. One of 
ordinary skill in the art would have been motivated to employ the teachings of Moreh in 
order to permit users and service provides the flexibility of choosing where to 
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authenticate, (see Moreh col. 2, lines 44-46) 
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8. Claims 5, 6, 11 - 13, 15, 20-23, 27, 28, 34 - 36, 41, 42 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Timson-Moreh-Bacha and further in view of 
Orsini et al. (US PGPUB No. 20040049687). 

Regarding Claims 5, 11, 13, 27, Timson discloses the method as in Claims 1, 7, 24, 
wherein the one or more access requirements, (see Timson col. 2, lines 50-59; col. 2, 
lines 41-49: attributes, permissions; col. 3, lines 34-40: required to access resources) 
Timson does not specifically disclose one or more access requirements related to at 
least one of a citizenship status of the access candidate or a current location of the 
access candidate. 

However, Orsini discloses wherein one or more access requirements are related to at 
least one of a citizenship status of the access candidate and a current location of the 
access candidate, (see Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 4-13: 
management of secure data, parameters (i.e. attributes) agreement, location 
information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for 
one or more access requirements related to at least one of a citizenship status of the 
access candidate and a current location of the access candidate as taught by Orsini. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Orsini for a relatively fast, secure, and efficient authentication of data streams, (see 
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Orsini paragraph [0012], lines 1-3; paragraph [0013], lines 1-3) 

Regarding Claims 6, 12, 22, 28, 36, Timson discloses the method as in Claims 5, 1 1 , 
16, 27, 30, wherein the one or more attributes of the access candidate, (see Timson 
col. 2, lines 50-59: permissions, attributes for requestor (i.e. access candidate); col. 3, 
lines 34-40: required to access resources) 

Timson does not specifically disclose one or more attributes relate to at least one of a 
citizenship status of the access candidate and a current location of the access 
candidate. 

However, Orsini discloses wherein one or more attributes of the access candidate relate 
to the at least one of a citizenship status of the access candidate or a current location of 
the access candidate, (see Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 
4-13: management of secure data, parameters (i.e. attributes) agreement, location 
information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for 
one or more attributes related to at least one of a citizenship status of the access 
candidate and a current location of the access candidate as taught by Orsini. One of 
ordinary skill in the art would have been motivated to employ the teachings of Orsini for 
a relatively fast, secure, and efficient authentication of data streams, (see Orsini 
paragraph [0012], lines 1-3; paragraph [0013], lines 1-3) 

Regarding Claim 15, Timson discloses in a data security system having a first security 



Application/Control Number: 10/659,368 Page 18 

Art Unit: 2436 

level securing one or more resources for manipulating electronic data and a second 
security level securing the electronic data, a method for providing an access candidate 
access to the electronic data, the method comprising: 

a) identifying a plurality of data subsets of the electronic data; (see Timson col. 6 
lines 43-46; multiple data sets and data records (i.e. a plurality of datasets)) 

Furthermore, Timson disclose the following: 

d) granting the access candidate access to the first security level based at least in 
part on an evaluation of the request for access to the first level; ((see Timson 
col. 14, lines 13-20: request, 1st level security) 

g) granting the access candidate access to the requested at least one data subset 
at the second security level if authorization is provided upon receipt of the 
request for authorization, (see Timson col. 14, lines 25-35: request, 2nd level 
security; col. 4, lines 7-1 1 : access enabled (i.e. granted)) 

Furthermore, Timson discloses wherein a request (see Timson col. 3, lines 34-40; 
col. 3, lines 57-64: request processing; col. 2, lines 56-59; col. 17, lines 4-1 1 : country 
attribute), and determining, for each data subset, at least one data class associated 
with the data subset (see Timson col. 2, lines 50-59: one data class or attributes of a 
class), and receiving from a first sponsor of the access candidate, a request for 
access to the first security level (see Timson col. 3, lines 34-40: request processing; 
col. 2, lines 56-59; col. 17, lines 4-11: country attribute, requestor attributes; col. 14, 
lines 13-20: request, 1st level security), and a second sponsor of the access 
candidate, a request for access to at least one data subset at the second security 
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level in response to an indication that access to the first security level has been 
granted (see Timson col. 14, lines 25-35: request, 2nd level security), and a request 
for authorization in response to a comparison of the at least one data class of the 
requested data subset that indicates that access to a requested data subset at the 
second level by the access candidate is prohibited, (see Timson col. 3, lines 34-40: 
permissions required to access data; col. 4, lines 7-1 1 : access determination 
(comparison, match) required for access (i.e. prohibited without authorization)) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 
5, line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Orsini to use authentication services such as a resolution authority as taught by 
Moreh. One of ordinary skill in the art would have been motivated to employ the 
teachings of Moreh to permit users and service provides the flexibility of choosing 
where to authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose an indication of a citizenship status of 
the access candidate, an indication of a current location of the access candidate, 
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and an indication of an existence of a data access agreement with the access 
candidate. 

However, Orsini discloses the following: 

b) at least a citizenship requirement and a location requirement for access to data 
associated with the data class; (see Orsini paragraph [0013], lines 1-3; 
paragraph [0060], lines 4-13: management of secure data, parameters (i.e. 
attributes) agreement, location information) 

c) an indication of a citizenship status of the access candidate, an indication of a 
current location of the access candidate, and an indication of an existence of a 
data access agreement with the access candidate; (see Orsini paragraph [0013], 
lines 1-3; paragraph [0060], lines 4-13: management of secure data, parameters 
(i.e. attributes) agreement, location information, citizenship information) 

e) an indication of a citizenship status of the access candidate and an indication of a 
current location of the access candidate; (see Orsini paragraph [0013], lines 1-3; 
paragraph [0060], lines 4-13: management of secure data, parameters (i.e. 
attributes) agreement, location information) 

f) citizenship status and the current location of the access candidate with the 
respective citizenship requirement and location requirement; (see Orsini 
paragraph [0013], lines 1-3; paragraph [0060], lines 4-13: management of secure 
data, parameters (i.e. attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for the request including an indication of a citizenship status of the access 
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candidate, an indication of a current location of the access candidate, and an 
indication of an existence of a data access agreement with the access candidate as 
taught by Orsini. One of ordinary skill in the art would have been motivated to 
employ the teachings of Orsini for a relatively fast, secure, and efficient 
authentication of data streams, (see Orsini paragraph [0012], lines 1-3; paragraph 
[0013], lines 1-3) 

Timson-Moreh-Orsini does not specifically disclose modifying access requirements. 
However, Bacha discloses configured to modify access requirements associated 
with the at least one data class, (see Bacha col. 10, lines 48-60: another authorized 
user such as a resolution authority with ability to update access control information) 
It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh-Orsini for modifying access requirements as taught by Bacha. One of 
ordinary skill in the art would have been motivated to employ the teachings of Bacha 
to improve system efficiency by centralization of user access information and to use 
richer search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claim 20, Timson discloses the system as in Claim 16, wherein one or 
more access requirements associated with the one or more resources related, (see 
Timson col. 3, lines 34-40; col. 3, lines 57-64: request processing; col. 2, lines 56-59; 
col. 17, lines 4-1 1 : country information, attributes) 

Timson does not specifically disclose at least one of: a valid data access agreement 
with a potential access candidate; a current location of the potential access candidate; 
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and a citizenship status of the potential access candidate. 

However, Orsini discloses wherein at least one of: a valid data access agreement with a 
potential access candidate; a current location of the potential access candidate; and a 
citizenship status of the potential access candidate, (see Orsini paragraph [0013], lines 
1-3; paragraph [0060], lines 4-13: management of secure data, parameters (i.e. 
attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for at 
least one of: a valid data access agreement with a potential access candidate; a current 
location of the potential access candidate; and a citizenship status of the potential 
access candidate as taught by Orsini. One of ordinary skill in the art would have been 
motivated to employ the teachings of Orsini for a relatively fast, secure, and efficient 
authentication of data streams, (see Orsini paragraph [0012], lines 1-3; paragraph 
[0013], lines 1-3) 

Regarding Claims 21, 34, 35, Timson discloses the system as in Claims 20, 30, 34, 
wherein one or more access candidate attributes, (see Timson col. 2, lines 50-56: 
attributes; col. 2, lines 56-59; col. 17, lines 4-1 1 : country attribute, resource access) 
Timson does not specifically disclose at least one of: an indication of an existence of a 
data access agreement with the access candidate; a current location of the access 
candidate; and a citizenship status of the access candidate. 

However, Orsini discloses wherein at least one of: an indication an existence of a data 
access agreement with the access candidate; a current location of the access 
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candidate; or a citizenship status of the access candidate, (see Orsini paragraph 
[0013], lines 1-3; paragraph [0060], lines 4-13: management of secure data, parameters 
(i.e. attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for at 
least one of: an indication an existence of a data access agreement with the access 
candidate; a current location of the access candidate; and a citizenship status of the 
access candidate as taught by Orsini. One of ordinary skill in the art would have been 
motivated to employ the teachings of Orsini for a relatively fast, secure, and efficient 
authentication of data streams, (see Orsini paragraph [0012], lines 1-3; paragraph 
[0013], lines 1-3) 

Regarding Claim 23, Timson discloses a system for providing an access candidate 
access to secured electronic data, the electronic data being associated with one or 
more data classes, each data class identifying at least a citizenship requirement and a 
location requirement for access to data associated with the data class, the system 
comprising: 

a) storage configured to receive and store the electronic data; (see Timson col. 18, 
lines 9-12; col. 18, lines 18-21: storage capability, data, information) 

Furthermore, Timson disclose the following: 

b) one or more resources configured to process and manipulate the electronic data; 
(see Timson col. 2, lines 31-34; col. 2, lines 40-41: interrogatable and enabling 
modules, resources to process and manipulate data) 
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e) adapted to authorize access to one or more portions of the electronic data in 
response to a comparison performed by a corresponding data access controller 
indicates access is prohibited; (see Timson col. 2, lines 31-34; col. 2, lines 40-41 : 
interrogatable and enabling modules, resources (i.e. resolution authorities) to 
control access and manipulate data; col. 3, lines 34-40: authorization required to 
access data; col. 4, lines 7-1 1 : access determination (comparison, match) 
required for access (i.e. prohibited without authorization)) and 

f) a data access module configured to: evaluate a request for access to one or 
more portions of the electronic data by the one or more resources to identify one 
or more data access controllers corresponding to the one or more portions of the 
electronic data; (see Timson col. 3, lines 34-40; col. 3, lines 57-64: request 
processing; col. 2, lines 31-34; col. 2, lines 40-41: interrogatable and enabling 
modules, resources (i.e. controllers) to enable (i.e. grant) access to data)) and 

g) forward the request for access to the one or more identified data access 
controllers for evaluation as to whether to grant the access candidate access to 
the corresponding one or more portions of the electronic data, (see Timson col. 
3, lines 34-40; col. 3, lines 57-64: request processing (i.e. submit, forward 
request for processing); col. 2, lines 31-34; col. 2, lines 40-41 : interrogatable and 
enabling modules, resources to enable (i.e. grant) control access to data)) 

Furthermore, Timson discloses wherein one or more data access controllers 
configured to grant access to a corresponding portion of the electronic data based at 
least in part on a comparison, and associated with one or more resources or data 
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classes of the corresponding portion of the electronic data, (see Timson col. 2, 
lines 31-34; col. 2, lines 40-41: interrogatable and enabling modules, resources to 
access and manipulate data; col. 4, lines 7-1 1 : access enabled (i.e. granted)) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 
5, line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh to permit users and service provides the flexibility of choosing where to 
authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose a citizenship status, a current location 
of the access candidate and an existence of a data access agreement with a 
citizenship requirement, location requirement and data access agreement 
requirement. 

However, Orsini discloses the following: 

c) a citizenship status and a current location of the access candidate and an 
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existence of a data access agreement with a citizenship requirement, wherein 
the location requirement and the data access agreement requirement; (see 
Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 4-13: management of 
secure data, parameters (i.e. attributes) agreement, location information) 
d) the citizenship status and the current location of the access candidate with a 
citizenship requirement and a location requirement; (see Orsini paragraph 
[0013], lines 1-3; paragraph [0060], lines 4-13: management of secure data, 
parameters (i.e. attributes) agreement, location information) 
It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for at least one of: an indication an existence of a data access agreement 
with the access candidate; a current location of the access candidate; and a 
citizenship status of the access candidate as taught by Orsini. One of ordinary skill 
in the art would have been motivated to employ the teachings of Orsini for a 
relatively fast, secure, and efficient authentication of data streams, (see Orsini 
paragraph [0012], lines 1-3; paragraph [0013], lines 1-3) 

Timson-Moreh-Orsini does not specifically disclose modifying access requirements. 
However, Bacha discloses configured to modify the one or more access 
requirements, (see Bacha col. 10, lines 48-60: another authorized user such as a 
resolution authority with ability to update access control information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh-Orsini for modifying access requirements as taught by Bacha. One of 
ordinary skill in the art would have been motivated to employ the teachings of Bacha 
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to improve system efficiency by centralization of user access information and to use 
richer search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Ciaim 41, Timson discloses the method of claim 1 . (see Timson col. 2, lines 
31-34; col. 2, lines 40-41: interrogatabie and enabling modules to control access and 
manipulate data; col. 3, lines 34-40; col. 4, lines 7-1 1 : authorization required to access 
data) 

Timson does not specifically disclose for supplemental evidence to verify the attributes. 
However, Orsini discloses receiving supplemental evidence verifying the attributes of 
the access candidate, (see Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 4- 
13: management of secure data, parameters (i.e. attributes) agreement, location 
information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for supplemental evidence such as current location to verify the attributes as 
taught by Orsini. One of ordinary skill in the art would have been motivated to employ 
the teachings of Orsini for a relatively fast, secure, and efficient authentication of data 
streams, (see Orsini paragraph [0012], lines 1-3; paragraph [0013], lines 1-3) 

Regarding Ciaim 42, Timson discloses the system of claim 15, wherein the data 
subsets are separated into the at least one data class based on a data provider of the 
data (see Timson col. 2, lines 31-34; col. 2, lines 40-41: interrogatable and enabling 
modules to control access and manipulate data; col. 3, Sines 34-40; col. 4, lines 7-1 1 : 
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authorization required to access data; col. 2, iines 50-59: one data class or attributes of 
a class; financial and banking information (data provider)) 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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